Mercurial > prosody-modules
comparison mod_auth_ldap/mod_auth_ldap.lua @ 1273:1b543060f31e
mod_auth_ldap: Cleanup, reorder and some comments
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 15 Jan 2014 14:35:27 +0100 |
parents | 3e5f8e844325 |
children | 4b15437d6c56 |
comparison
equal
deleted
inserted
replaced
1272:717a08403b26 | 1273:1b543060f31e |
---|---|
1 -- mod_auth_ldap | |
1 | 2 |
2 local new_sasl = require "util.sasl".new; | 3 local new_sasl = require "util.sasl".new; |
3 local log = require "util.logger".init("auth_ldap"); | 4 local lualdap = require "lualdap"; |
4 | 5 |
6 -- Config options | |
5 local ldap_server = module:get_option_string("ldap_server", "localhost"); | 7 local ldap_server = module:get_option_string("ldap_server", "localhost"); |
6 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); | 8 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); |
7 local ldap_password = module:get_option_string("ldap_password", ""); | 9 local ldap_password = module:get_option_string("ldap_password", ""); |
8 local ldap_tls = module:get_option_boolean("ldap_tls"); | 10 local ldap_tls = module:get_option_boolean("ldap_tls"); |
9 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); | 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); |
10 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); | 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); |
11 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); | 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); |
12 | 14 |
13 local lualdap = require "lualdap"; | 15 -- Initiate connection |
14 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); | 16 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); |
15 module.unload = function() ld:close(); end | 17 module.unload = function() ld:close(); end |
16 | 18 |
17 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end | 19 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end |
18 | 20 |
25 })(); | 27 })(); |
26 end | 28 end |
27 | 29 |
28 local provider = {}; | 30 local provider = {}; |
29 | 31 |
32 function provider.create_user(username, password) | |
33 return nil, "Account creation not available with LDAP."; | |
34 end | |
35 | |
36 function provider.user_exists(username) | |
37 return not not get_user(username); | |
38 end | |
39 | |
40 function provider.set_password(username, password) | |
41 local dn, attr = get_user(username); | |
42 if not dn then return nil, attr end | |
43 if attr.userPassword == password then return true end | |
44 return ld:modify(dn, { '=', userPassword = password })(); | |
45 end | |
30 function provider.get_password(username) | 46 function provider.get_password(username) |
31 local dn, attr = get_user(username); | 47 local dn, attr = get_user(username); |
32 if dn and attr then | 48 if dn and attr then |
33 return attr.userPassword; | 49 return attr.userPassword; |
34 end | 50 end |
35 end | 51 end |
36 | 52 |
37 function provider.test_password(username, password) | 53 function provider.test_password(username, password) |
38 return provider.get_password(username) == password; | 54 return provider.get_password(username) == password; |
39 end | 55 end |
40 function provider.user_exists(username) | |
41 return not not get_user(username); | |
42 end | |
43 function provider.set_password(username, password) | |
44 local dn, attr = get_user(username); | |
45 if not dn then return nil, attr end | |
46 if attr.userPassword == password then return true end | |
47 return ld:modify(dn, { '=', userPassword = password })(); | |
48 end | |
49 function provider.create_user(username, password) return nil, "Account creation not available with LDAP."; end | |
50 | 56 |
51 function provider.get_sasl_handler() | 57 function provider.get_sasl_handler() |
52 return new_sasl(module.host, { | 58 return new_sasl(module.host, { |
53 plain = function(sasl, username) | 59 plain = function(sasl, username) |
54 local password = provider.get_password(username); | 60 local password = provider.get_password(username); |